Slashdot Mirror


Sensitive Personal Information of 246,000 DHS Employees Found on Home Computer (usatoday.com)

The sensitive personal information of 246,000 Department of Homeland Security employees was found on the home computer server of a DHS employee in May, according to documents obtained by USA TODAY. From the report: Also discovered on the server was a copy of 159,000 case files from the inspector general's investigative case management system, which suspects in an ongoing criminal investigation intended to market and sell, according to a report sent by DHS Inspector General John Roth on Nov. 24 to key members of Congress. The information included names, Social Security numbers and dates of birth, the report said. The inspector general's acting chief information security officer reported the breach to DHS officials on May 11, while IG agents reviewed the details. Acting DHS Secretary Elaine Duke decided on Aug. 21 to notify affected employees who were employed at the department through the end of 2014 about the breach.

26 of 59 comments

  1. Re:TSA I hope by Mr+D+from+63 · · Score: 2

    They used to publish big books with people's names, addresses, and phone numbers. They were distributed to criminals for free. And most people wanted to be in it.

    Times have changed.

  2. Re:TSA I hope by Hal_Porter · · Score: 5, Insightful

    The TSA allowed a reporter to photograph the master keys for those stupid TSA locks.

    https://www.wired.com/2015/09/...

    With the result that now anyone anywhere in the world can open your luggage, take stuff out and reseal it.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  3. Re:TSA I hope by DontBeAMoran · · Score: 3, Interesting

    This is the perfect example to use against the idiots who want backdoors in operating systems, smartphones, tablets and computers.

    --
    #DeleteFacebook
  4. Very alarming by FFOMelchior · · Score: 2

    There are (at least) 246,000 DHS employees?

    1. Re:Very alarming by lazarus · · Score: 2

      $12.3 billion in salary alone if the average is $50k fully loaded. I suspect the number is probably closer to $80k and the total would be $19.7 billion. I can't imagine what the total budget would have to be to protect the US's borders, but it is obviously an outrageous amount.

      --
      I am not interested in articles about life extension advancements.
    2. Re:Very alarming by nospam007 · · Score: 1

      "I can't imagine what the total budget would have to be to protect the US's borders, but it is obviously an outrageous amount."

      Indeed, from WP:

      Employees 229,000 (2017) [1]
      Annual budget $40.6 billion (2017)[2]
      Agency executives

              Elaine Duke, Acting Secretary
              Claire Grady, Senior Official performing the duties of Deputy Secretary

      Child agencies

              United States Citizenship and Immigration Services
              U.S. Customs and Border Protection
              Federal Emergency Management Agency
              U.S. Immigration and Customs Enforcement
              Transportation Security Administration
              United States Coast Guard
              National Protection and Programs Directorate
              United States Secret Service
              Federal Law Enforcement Training Center
              Citizenship & Immigration Services Ombudsmen
              Domestic Nuclear Detection Office
              Management Directorate
              Office for Civil Rights & Civil Liberties
              Office of General Counsel
              Office of Health Affairs
              Office of Intelligence & Analysis
              Office of Legislative Affairs
              Office of Operations Coordination
              Office of Partnership & Engagement
              Office of Policy
              Office of Public Affairs
              Office of the Inspector General
              Privacy Office
              Science & Technology Directorate

  5. Glad to see same typical response we always get by Anonymous Coward · · Score: 1

    "oops, our bad, here's your free 18 months of credit monitoring"

    No one goes to jail, no one gets sued back to the stone ages. Providing free credit monitoring every couple of years is just the new cost of doing business. It's way cheaper than actually securing stuff.

  6. Last name Clinton. by Zorro · · Score: 1

    So, no charges, wasn't even a crime claims the TSA.

    1. Re:Last name Clinton. by Camel+Pilot · · Score: 1

      Who are in charge of the DHS in May 2017? Hmmmmm?

    2. Re:Last name Clinton. by DickBreath · · Score: 1

      It's not a crime. It's an, uh . . . it's an off site backup! That's what it is!

      --

      I'll see your senator, and I'll raise you two judges.
    3. Re:Last name Clinton. by Anonymous Coward · · Score: 1

      Who are in charge of the DHS in May 2017? Hmmmmm?

      That was when the data was FOUND.

      From TFS:

      Acting DHS Secretary Elaine Duke decided on Aug. 21 to notify affected employees who were employed at the department through the end of 2014 about the breach.

      Given that the data only includes DHS employees through the end of 2014, do you have the balls to comment on who was in charge THEN?

      I'm guessing no.

    4. Re:Last name Clinton. by Camel+Pilot · · Score: 1

      The breach was discovered in May 2017; the data contained older records.

  7. had my identity stolen so many times, I'm nobody by Thud457 · · Score: 1

    If breaches like this keep up, pretty soon we're all going to be anonymous.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  8. Re:TSA I hope by Anonymous Coward · · Score: 3, Insightful

    This is the perfect example to use against the idiots who want backdoors in operating systems, smartphones, tablets and computers.

    The problem is the assholes and idiots who want backdoors to all forms of security are one of two flavors:

    1) The idiots who can't be educated on the technology and think mathematics is subject to laws written by people
    2) The assholes who don't care if they break security for everyone as long as they can expediently get access to any and all data

    Neither of these groups gives a fuck ... they want security, at any cost, and if the security of the state breaks security for everybody, or if this weakened security encroaches on other freedoms, they simply don't care.

    For them, you have nothing to fear if you have nothing to hide makes perfect sense. And they're utterly incapable of understanding said back holes would weaken banking, the security of the networks they're trying to protect, and pretty much everything else.

    Make no mistake about it, the nascent fascists who think it should be illegal to have secrets from the government simply don't give a fuck about the consequences of that.

    Unless of course it happens to be their own bullshit they do when nobody is looking. Then somehow they realize their freedom to fuck their secretary (or some guy in an airport bathroom) derives from a degree of privacy and secrecy they believe to be situational.

    Look at law enforcement or law makers. What they want is the ability to open anybody's phone, computer, network connection ... any time they want ... without any oversight. Because law enforcement tends to be assholes and fascists who don't know or care about the law.

    It's taken about 20 years for Americans to go from understanding "papers please, comrade" as a warning against state encroachment on your rights, to actively championing the sentiment. In fact, 16 years, two months, and a bit.

    And sadly, Americans have become all too willing to trade their liberties for the illusion of security. The problem is they're very willing to trade other people's liberty first.

  9. What's more scary by Anonymous Coward · · Score: 1

    Is the fact that there are 246,000 DHS employees. That's larger than some nations' armies.

  10. Re:TSA I hope by AutodidactLabrat · · Score: 1

    Cheer up.
    The majority, by 2.86 million, do NOT agree with endless police state tactics and "rough him up" declarations by the "messiah" of the moment

  11. Re:TSA I hope by Anonymous Coward · · Score: 1

    Except that the Hillary Supporters are the ones that actively believe that the state should access all of your secrets. These are the same clowns that supported and applauded Obama's extension of the GB secret courts and data mining. They also supported having the FBI access iPhones whenever they want "to protect from terrorists" and "think of the children".

    Nice try though.

  12. Re:TSA I hope by TheCarp · · Score: 2

    Incorrect.

    The master key of these locks is not like a cryptographic key; it conveys no security at all. Since locks with the same master key are easily purchased, the shape of the master key is trivial to reverse engineer anyway.

    Nothing was revealed by that photograph. Anyone who wanted a copy of that key could always have made one.

    Bottom line: any mass market lock with a master key is fake security. TSA is endangering the public by even mandating one. This employee did nothing wrong except work for the TSA.

    --
    "I opened my eyes, and everything went dark again"
  13. Re:TSA I hope by burtosis · · Score: 1

    Maybe not the best example as described because with a few TSA approved locks you could likely reverse engineer the key with high accuracy, no need for an errant photograph. It would be like a backdoor in your encryption where you were led to believe you are secure but whose key was half ass hashed and sent in plaintext everywhere. Then again, on second thought, maybe this is indeed the perfect example.

  14. Re: TSA I hope by dougdonovan · · Score: 1

    $$$ talks.

  15. This is just another example of why... by Sqreater · · Score: 1

    ....computer systems will NEVER be secure and why people should never expect their data to be safe from criminals and governments etc.

    --
    E Proelio Veritas.
    1. Re:This is just another example of why... by AHuxley · · Score: 1

      Think in terms of the FBI and federal, state, city internal affairs investigations.
      If all the secret data was secure how can cleared gov workers be watched and tracked 24/7?
      The gov systems in the USA are set up to watch for internal criminals, whistleblower, media investigations and corruption 24/7.
      If everything was encrypted how could investigators see data moving around networks to gov staff who then walk out, sell secrets?
      One good example is the data use of once trusted staff tempted to become a whistleblower.
      They collect information network wide and then walk out with the data sets to give to the waiting media.
      How is that going to be tracked before publication?
      With plain text all that can be seen in real time as a worker starts to get ready to become a whistleblower.
      Security can move in before a member of the media is contacted and constitutional media freedoms provide legal cover for publication.
      If the worker did manage to get the data out, at least the US gov/mil has some warning that data walked out and a counter/cover story can be ready for publication.
      Plain text is security bait for US workers and is an easy way to sort the loyal gov workers who will obey any orders from the people who become whistleblowers.
      It's great for criminal, media and spy investigations too as US/UK collect it all methods can find that plain text all over global networks in real time.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re: This is just another example of why... by AHuxley · · Score: 1

      Re "soooooo, why wasn't this"
      So many cyber investigations that the investigations and interviews can't keep up?

      --
      Domestic spying is now "Benign Information Gathering"
  16. Not a big deal really by WinstonWolfIT · · Score: 1

    Files on a computer don't mean anything. All work computers here are required to be encrypted and locked when unattended, which is a minimum level of security.

  17. Re:TSA I hope by Hal_Porter · · Score: 1

    Yeah, that's a very worrying possibility. Hell, in places like Russia or China I wouldn't put it past them to plant stuff in your baggage and then use that to detain you until you pay them off.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  18. Re: TSA I hope by houghi · · Score: 1

    When I travel, I do not use locks. I use zip ties. I know that suitcase locks are useless. I just want to know if they opened it. Unlikely they go to the trouble of finding a similar zip tie without wasting time.
    If they are thieves, they either do not care or take the next to stay unnoticed. If they are the TSA they rather put a note in it that kit has been searched and be careful they can not be blamed for theft.

    --
    Don't fight for your country, if your country does not fight for you.